CastleCops, Internet Crime Fighters
Advisories!: Latest Advisories & Live Feeds (02/25/04)
Cyber Security

Latest Advisories







Live Virus Advisory Feeds
2004-02-25


*Live Feeds are from Panda, Trend Micro, and Symantec

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
ZoneAlarm SMTP Processing Buffer Overflow Vulnerability
eEye has discovered a vulnerability in ZoneAlarm and Integrity client, allowing users to escalate their privileges and potentially also allowing malicious people to compromise a user's system.
Linux Kernel mremap() Missing Return Value Checking Privilege Escalation
Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.
Mac OS X Security Update Fixes Multiple Vulnerabilities
Multiple vulnerabilities have been discovered in Apple Mac OS X, where some of the specified issues can be exploited to gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Latest 15 Secunia Security Advisories:
2004-02-25
- nCipher HSM Exposure of Secrets

- jabber-gg-transport Multiple Denial of Service Vulnerabilities

- Trillian Protocol Handling Buffer Overflow Vulnerabilities

- TYPSoft FTP Server Denial of Service

- Mandrake update for kernel

- ICQ Predictable File Location Weakness

- Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability

- Trustix update for kernel

2004-02-24
- Platform LSF eauth Component Vulnerabilities

- Opt-X Arbitrary File Inclusion Vulnerability

- Confirm Arbitrary Command Execution Vulnerability

- XMB Cross Site Scripting and SQL Injection Vulnerabilities

- Apache Directory Traversal Vulnerability

- Debian update for metamail

- Avirt Voice/Soho Long Input Buffer Overflow Vulnerabilities

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Mac OS X Security Update Fixes Multiple Vulnerabilities

- Internet Explorer URL Spoofing Vulnerability

- ZoneAlarm SMTP Processing Buffer Overflow Vulnerability

- Apache Directory Traversal Vulnerability

- AOL Instant Messenger Predictable File Location Weakness

Security Tracker

Apple Safari Browser Has an Unspecified Flaw in URL Status Bar Display

A vulnerability was reported in Apple's Safari web browser. The impact was not specified.

Impact: Not specified

FlexWATCH Video Server Input Validation Flaw Permits Cross-Site Scripting Attacks

Rafel Ivgi (The-Insider) reported an input validation vulnerability in FlexWATCH video servers. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Giga-Byte Technology Router Authentication Flaw Lets Remote Users Access the Device

Rafel Ivgi (The-Insider) reported an authentication vulnerability in the GN-B46B broadband wireless router from Giga-Byte Technology. A remote user can gain access to the device.

Impact: User access via network

Opt-X Include File Hole Lets Remote Users Execute Arbitrary Code on the Target System

G00db0y from Zone-h Security Labs reported an include file vulnerability in Opt-X. A remote user can execute arbitrary PHP code on the target system.

Impact: Execution of arbitrary code via network, User access via network

Apple Darwin Streaming Server DESCRIBE Buffer Overflow Lets Remote Users Deny Service

iDEFENSE reported a vulnerability in Apple's QuickTime Darwin Streaming Server. A remote user can cause denial of service conditions.

Impact: Denial of service via network

SecurityFocus BugTraq
SecurityFocus Vulnerabilities

02/25/2004 Re: Windows XP explorer.exe heap overflow. Eli Kara
02/25/2004 MDKSA-2004:016 - Updated mtools packages fix local root vulnerability Mandrake Linux Security Team
02/25/2004 RE: Windows XP explorer.exe heap overflow. Larry Seltzer
02/25/2004 jgs webserver 0.1.0 Cross Site Scripting Vulnerabillity Rafel Ivgi, The-Insider
02/25/2004 Fw: [Unpatched] The Bizex worm Thor Larholm
02/24/2004 Hidden Gamespy code leads to vulnerabilities in diffused games (BF1942, Halo, Dredd and more) Luigi Auriemma
02/24/2004 Remote crash in Ghost Recon engine Luigi Auriemma
02/24/2004 Remote server crash in Haegemonia 1.07 Luigi Auriemma
02/24/2004 Advisory 022004: Trillian remote overflows Stefan Esser
02/24/2004 Re: blocking gzip encoded files Josep L. Guallar-Esteve
02/24/2004 Re: Windows XP explorer.exe heap overflow. Tim
02/24/2004 Re: Bank of America Contact peloy chapus net (Eloy A Paris)
02/24/2004 RE: blocking gzip encoded files Gervase Markham
02/24/2004 MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team
02/24/2004 New ICQ WORM Rafel Ivgi, The-Insider
02/24/2004 snort rules for ICQ http/https tunnels Alexander Antipov
02/24/2004 BadBlue 2.4 Local Path Disclosure By phptest.php Rafel Ivgi, The-Insider
02/24/2004 FlexWATCH-Webs 2.2 (NTSC) Authorization Bypass Rafel Ivgi, The-Insider
02/24/2004 Gigabyte Broadband Router - Multiple Vulnerabilities Rafel Ivgi, The-Insider
02/24/2004 Re: Windows XP explorer.exe heap overflow. Eli K.
02/24/2004 iDEFENSE Security Advisory 02.23.04: Darwin Streaming Server Remote Denial of Service Vulnerability iDefense Labs
02/24/2004 Re: blocking gzip encoded files mgotts 2roads com
02/24/2004 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability advisory stgsecurity com
02/23/2004 Mac OS X pppd format string vulnerability Advisories
02/23/2004 TYPSoft FTP Server 1.10 multiple vulnerabilities intuit e.b.
02/23/2004 Web Crossing 4.x5.x Denial of Service Vulnerability (FIX) Peter Winter-Smith
02/23/2004 blocking gzip encoded files Darwin Mecham
02/23/2004 RE: Windows XP explorer.exe heap overflow. Michael Wojcik
02/23/2004 Re: Remote Administrator 2.x: highly possible remote hole or backdoor Ari Gordon-Schlosberg
02/23/2004 Re: Windows XP explorer.exe heap overflow. Chris Calabrese
02/23/2004 Re: Bank of America Contact Jon W
02/23/2004 Lam3rZ Security Advisory 32004: A bug in Confirm leads to remote command execution Mariusz Woloszyn
02/23/2004 RE: [Full-Disclosure] ASN.1 telephony critical infrastructurewarning - VOIP David Wilson
02/23/2004 Re: lbreakout2

Symantec SSR

W32.Netsky.C@mm February 24, 2004 February 25, 2004
W32.Welchia.D.Worm February 23, 2004 February 23, 2004
Downloader.Botten February 23, 2004 February 23, 2004
W97M.Ortant@mm
WM97/Ortant-A (Sophos), W97M/Ortant (McAfee), W97M_ORTANT.A. (Trend) February 22, 2004 February 23, 2004
W32.Cone@mm February 22, 2004 February 23, 2004
Backdoor.IRC.Aladinz.L February 21, 2004 February 23, 2004
Java.StartPage
Trojan.Java.StartPage [Kaspersky], Exploit-ByteVerify [McAfee] February 20, 2004 February 23, 2004
W32.Mydoom.F@mm
W32/Mydoom.f@MM [McAfee], WORM_MYDOOM.F [Trend], W32/MyDoom-F [Sophos], I-Worm.Mydoom.f [Kaspersky], Win32.Mydoom.F [Computer Associates] February 20, 2004 February 23, 2004
Backdoor.Kaitex.E February 20, 2004 February 23, 2004
W97M.Saver.H
Macro.Word97.Saver [Kaspersky], W97M/Doccopy.A [F-Prot] February 19, 2004 February 20, 2004
Backdoor.IRC.Aladinz.K February 19, 2004 February 19, 2004
W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Micro], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos], I-Worm.Bagle.b [Kaspersky] February 17, 2004 February 17, 2004
W32.HLLW.Antinny.E February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend], W32/Nachi.worm.c [McAfee], W32/Nachi-C [Sophos], Win32.Nachi.C [Computer Associates], Worm.Win32.Welchia.c [Kaspersky] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b [Kaspersky] February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos] February 11, 2004 February 11, 2004
W32.Dumaru.AH@mm
W32/Mimail.u@MM [McAfee], Win32.Mimail.U [Computer Associates] February 10, 2004 February 11, 2004
VBS.Bootconf.B February 10, 2004 February 11, 2004
W32.Kifer
TrojanDropper.Win32.Kifer [Kaspersky] February 10, 2004 February 10, 2004
W32.HLLP.Yero.Worm
W32.HLLP.Yero.Worm.dr, W32/Fesber.worm [McAfee] February 10, 2004 February 10, 2004
W32.HLLW.Moega.AG February 10, 2004 February 10, 2004
W32.Yenik.A@mm
W32/Yenik.worm [McAfee] February 10, 2004 February 10, 2004
Trojan.Gutta February 9, 2004 February 10, 2004
W32.HLLW.Doomjuice
W32/Doomjuice.worm.a [McAfee], WORM_DOOMJUICE.A [Trend], Win32.Doomjuice.A [Computer Associates], Worm.Win32.Doomjuice [Kaspersky], W32/Doomjuice-A [Sophos] February 9, 2004 February 9, 2004
Backdoor.IRC.Aladinz.J February 8, 2004 February 9, 2004
W32.HLLW.Deadhat
Vesser [F-Secure], W32/Deadhat.worm.a [McAfee], WORM_DEADHAT.A [Trend], Win32.Deadhat.A [Computer Associates], Worm.Win32.Vesser [Kaspersky] February 6, 2004 February 9, 2004
W32.Dinfor.Worm
WORM_SDBOT.FP [Trend] February 6, 2004 February 6, 2004
Backdoor.Domwis February 6, 2004 February 6, 2004
Backdoor.OptixPro.13.C February 6, 2004 February 6, 2004
W32.Mimail.T@mm
WORM_MIMAIL.T [Trend], W32/Mimail.t@MM [McAfee] February 5, 2004 February 6, 2004
W32.HLLW.Gaobot.JB February 4, 2004 February 5, 2004
W32.Blaster.K.Worm
W32.Blaster.Worm, WORM_MSBLAST.H [Trend], Worm.Win32.Lovesan.a [Kaspersky], W32/Lovsan.worm.gen [McAfee] February 3, 2004 February 4, 2004
W32.Hostidel.Trojan.C February 3, 2004 February 4, 2004
W32.HLLW.Chemsvy
Worm.P2P.Apsiv [Kaspersky], W32/Apsiv.worm!p2p [McAfee] February 3, 2004 February 3, 2004
W32.Dumaru.AD@mm
I-Worm.Dumaru.gen [Kaspersky], W32/Dumaru.gen@MM [McAfee] February 3, 2004 February 3, 2004
W32.Galil.F@mm
W32/Holar.gen@MM [McAfee], I-Worm.Holar.f [Kaspersky] February 2, 2004 February 3, 2004
VBS.Shania
Backdoor.VBS.Shania [Kaspersky], VBS/Pica.worm.gen [McAfee] February 2, 2004 February 2, 2004
Keylogger.Stawin
Keylogger.Trojan, Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos], TrojanSpy.Win32.Keylogger.aa [Kaspersky], Win32.Elkong.D [Computer Associates], TROJ_KEYLOG.AA [Trend] January 29, 2004 January 30, 2004
W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Anig.worm [McAfee], WORM_ANIG.A [Trend], Win32.Dfcsvc.A [Computer Associates], Worm.Win32.Anig [Kaspersky] January 29, 2004 January 30, 2004
PWSteal.Olbaid January 29, 2004 January 29, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Mydoom.A@mm
W32.Novarg.A@mm, W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee], Win32.Dumaru.Z [Computer Associates], I-Worm.Dumaru.l [Kaspersky], WORM_DUMARU.Z [Trend] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j [Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure], TrojanProxy.Win32.Mitglieder.c [Kaspersky], Proxy-Mitglieder [McAfee], TROJ_MITGLIEDR [Trend] January 20, 2004 January 20, 2004






NAV Daily Definitions (Go!)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update Corporate Edition clients and servers.

National Cyber Alert System (US-Cert)


Technical Alerts
TA04-041A
Multiple Vulnerabilities in Microsoft ASN.1 Library
SB04-049
Summary of Security Items from February 4 through February 17, 2004
Non-technical Alerts
SA04-041A
Multiple Vulnerabilities in Microsoft Windows
ST04-002
Choosing and Protecting Passwords





Latest version: February 24, 2004 16:27:22 EST
W32/Mydoom.F
W32/Welchia.D
IMail server exploitation
W32/Netsky.B
W32/Bagle.B
ASN.1 exploit code
W32/Mydoom.C or W32.HLLW.Doomjuice
W32/Mydoom or W32/Novarg
W32/Beagle or W32/Bagle Worm
Systems compromised via buffer overflow in DameWare

Live Virus Advisory Feed

Posted on Wednesday, 25 February 2004 @ 12:41:43 UTC by phoenix22 (1938 reads)